Extreme L3 switch doesn't send icmp redirect packet.

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved

In the network there are a L3 Extreme Networks switch and a Cisco wan router. Both devices operate with OSPF.  The pc has a default gateway, which is the L3 switch. When I connect to a device which is connected through the cisco router, I  expect a icmp redirect packet from the Extreme switch, but the switch doesn’t send it.

The setting ICMP redirect is enabled.

Why isn’t the switch sending those packets ?

Photo of Johan Hendrikx

Johan Hendrikx

  • 3,712 Points 3k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hello Johan

Can you do a show IPstats command and paste it?  Also are the L3 switch and the Cisco router connected to the same L2 VLAN like a L2 switch?

Thanks
P
Photo of Kawawa

Kawawa, GTAC

  • 3,272 Points 3k badge 2x thumb
I think redirects will only be generated by the Extreme switch when an incoming packet has the Options field set, or when the destination IP of the packet is not in the L3 forwarding table, which would mean the packet would have to be slow-pathed in order for the redir to be sent.  I'll double-check
(Edited)
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,220 Points 10k badge 2x thumb
Hello Johan,

can you provide the relevant routing table entries and IP addresses?

Thanks,
Erik
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Kawawa you are right.  The show ipstats will show if the packets are going to CPU to be forwarded.  If both routers the Extreme switch and the cisco are on the same L2 VLAN and the Extreme is the DG then the packet should go to him first.  He will know that the Cisco has the interface to the subnet and will forward it over to the Cisco and should send  redirect back to the end station to tell him to send it to the Cisco.

P
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,220 Points 10k badge 2x thumb
Hi,

while "show ipstats" can show if ICMP redirects are sent and/or received, it cannot tell us if ICMP redirects should be generated in the first place.
show ipstats | include [Rr]edirect
Erik
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,220 Points 10k badge 2x thumb
Hi,

OK, the manual says that ICMP redirects are only generated for slow path forwarded packets:

ICMP redirects are only generated for IPv4 unicast packets that are "slowpath" forwarded by the CPU.That is, IPv4 packets that contain IP Options, or packets whose Destination IP is not in the Layer 3 forwarding hardware table.
Since the switch should usually forward packets using its forwarding hardware, it will usually not generate ICMP redirects.

Erik
Photo of Johan Hendrikx

Johan Hendrikx

  • 3,712 Points 3k badge 2x thumb

The requested information:


The cisco router and the L3 Extreme switch are in the same vlan.

I have made several traces. In the traces of the Extreme L3 there are no redirect packets.

IP Global Statistics
InReceives = 1709943280 InUnicast  =  901450824 InBcast    =  495381177
                        InMcast    =  313111279
InHdrErr   =    5166521 Bad vers   =          2 Bad chksum =        707
                        Short pkt  =        225 Short hdr  =          0
                        Bad hdrlen =          0 Bad length =        450
InDelivers =  735598580 InDiscards =          0 Bad Proto  =          0
OutRequest = 1101261909 OutDiscard =        998 OutNoRoute =          0
Forwards   =  517235870 ForwardOK  =  517235870 Fwd Err    =          0
NoFwding   =   27281679 Redirects  =    4322695 No route   =          0
Bad TTL    =    5165587 Bad MC TTL =          0
Bad IPdest =   22095733 Blackhole  =          0 Output err =          0
MartianSrc =          0
FragCreate =          0 FragOKs    =          0 FragFails  =        998

Global ICMP Statistics
OutResp    =    5171220 OutError   =          0 InBadcode  =          0
InTooshort =          0 Bad chksum =          0 In Badlen  =          0
echo reply                      In =      11631        Out =    5171220
destination unreachable         In =      40869        Out =   22002294
 - protocol unreachable         In =          0        Out =          0
redirect                        In =          0        Out =    4322695
echo                            In =    5171253        Out =      27808
router advertisement            In =        428        Out =          0
time exceeded                   In =        396        Out =    3853084

Global IGMP Statistics
Out Query  =    9674513 Out Report =    9872627 Out Leave  =      20493
In Query   =    6944445 In Report  =   47501265 In Leave   =     638949
In Error   =          0


and


sh ipstats | include redirect
redirect                        In =          0        Out =    4322695

Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,304 Points 10k badge 2x thumb
Hi Johan,

As Erik mentioned, ICMP redirects will only be sent for CPU forwarded packets. Since most traffic will be hardware forwarded in the switching ASICs, it is expected for ICMP redirects to not be sent.